"""Add comment to acltemplate

Revision ID: 1c8a45c2ec20
Revises: a3ee46e3860e
Create Date: 2022-07-11 10:37:18.068244+00:00

"""
from alembic import op
import sqlalchemy as sa


# Alembic revision chain: this migration's own id and the revision it follows.
revision = "1c8a45c2ec20"
down_revision = "a3ee46e3860e"
# No branch label and no dependency on another revision is declared.
branch_labels = None
depends_on = None

# (template name, description) pairs. upgrade() writes each description into
# the acltemplate_comment column of the row whose acltemplate_name matches.
name_comment = [
    (
        "NFS4_DOMAIN_HOME",
        "Template for special Samba homes share in Active Directory (AD) domains. "
        "This is differentiated from non-AD homes share in that the entries are "
        "optimized to handle the case where the share's connectpath auto-expands "
        "to contain user's domain and name.",
    ),
    (
        "NFS4_HOME",
        "Template for special Samba homes share that only grants read and write "
        "access to the home share's owner.",
    ),
    (
        "NFS4_OPEN",
        "Template that grants full control to owner@, group@, and everyone@ "
        "special entries.",
    ),
    (
        "NFS4_RESTRICTED",
        "Template that omits access for the everyone@ special entry. "
        "The template may optionally include the special-purpose 'builtin_users' and "
        "'builtin_administrators' groups as well as Domain Users and Domain Admins "
        "groups in Active Directory environments.",
    ),
    (
        "POSIX_HOME",
        "Template for special Samba homes share that only grants read and write "
        "access to the home share's owner.",
    ),
    (
        "POSIX_OPEN",
        "Template that grants read, write, and execute permissions to all users.",
    ),
    (
        "POSIX_RESTRICTED",
        "Template that grants read, write, and execute to owner and group, "
        "but not other. "
        "The template may optionally include the special-purpose 'builtin_users' and "
        "'builtin_administrators' groups as well as Domain Users and Domain Admins "
        "groups in Active Directory environments.",
    ),
]

# Builtin ACL templates that upgrade() inserts into filesystem_acltemplate.
# upgrade() describes both as "Template restricting access to local and domain
# administrators."
#
# NOTE(review): gid 544 is presumably the 'builtin_administrators' group named
# in the template descriptions -- confirm the mapping on the target system.
NEW_ENTRIES = [
    {
        "name": "NFS4_ADMIN",
        "type": "NFS4",
        # No everyone@ entry is defined; group@ is limited to TRAVERSE.
        "acl": [
            {
                "tag": "owner@", "id": None,
                "perms": {"BASIC": "FULL_CONTROL"},
                "flags": {"BASIC": "INHERIT"},
                "type": "ALLOW",
            },
            {
                "tag": "group@", "id": None,
                "perms": {"BASIC": "TRAVERSE"},
                "flags": {"BASIC": "INHERIT"},
                "type": "ALLOW",
            },
            {
                "tag": "GROUP", "id": 544,
                "perms": {"BASIC": "FULL_CONTROL"},
                "flags": {"BASIC": "INHERIT"},
                "type": "ALLOW",
            },
        ],
    },
    {
        "name": "POSIX_ADMIN",
        "type": "POSIX1E",
        "acl": [
            # Entries flagged 'default': True (presumably the POSIX.1e default
            # ACL applied to newly created children). OTHER gets no access.
            {"default": True, "tag": "USER_OBJ", "id": -1,
             "perms": {"READ": True, "WRITE": True, "EXECUTE": True}},
            {"default": True, "tag": "GROUP_OBJ", "id": -1,
             "perms": {"READ": True, "WRITE": True, "EXECUTE": True}},
            {"default": True, "tag": "MASK", "id": -1,
             "perms": {"READ": True, "WRITE": True, "EXECUTE": True}},
            {"default": True, "tag": "OTHER", "id": -1,
             "perms": {"READ": False, "WRITE": False, "EXECUTE": False}},
            {"default": True, "tag": "GROUP", "id": 544,
             "perms": {"READ": True, "WRITE": True, "EXECUTE": True}},
            # Entries flagged 'default': False (presumably the access ACL of
            # the object the template is applied to).
            {"default": False, "tag": "USER_OBJ", "id": -1,
             "perms": {"READ": True, "WRITE": True, "EXECUTE": True}},
            {"default": False, "tag": "GROUP_OBJ", "id": -1,
             "perms": {"READ": True, "WRITE": True, "EXECUTE": True}},
            {"default": False, "tag": "MASK", "id": -1,
             "perms": {"READ": True, "WRITE": True, "EXECUTE": True}},
            # NOTE(review): OTHER keeps READ and EXECUTE here although the
            # 'default': True set denies OTHER everything and the template is
            # described as restricting access to administrators -- confirm
            # that read/execute for OTHER is intended.
            {"default": False, "tag": "OTHER", "id": -1,
             "perms": {"READ": True, "WRITE": False, "EXECUTE": True}},
            {"default": False, "tag": "GROUP", "id": 544,
             "perms": {"READ": True, "WRITE": True, "EXECUTE": True}},
        ],
    },
]

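def upgrade():
    """Add ``acltemplate_comment`` to ``filesystem_acltemplate`` and populate it.

    Steps:
      1. Add the NOT NULL text column with an empty-string server default so
         rows that already exist remain valid.
      2. Set the description of every template listed in ``name_comment``
         (matched by ``acltemplate_name``).
      3. Insert the builtin templates defined in ``NEW_ENTRIES``.
    """
    # Function-scope import: needed only for serialising the ACL payload below.
    import json

    conn = op.get_bind()
    with op.batch_alter_table('filesystem_acltemplate', schema=None) as batch_op:
        batch_op.add_column(sa.Column('acltemplate_comment', sa.Text(), nullable=False, server_default=''))

    # Descriptions and names are passed as bound parameters, never formatted
    # into the statement text.
    for template_name, template_comment in name_comment:
        conn.execute(
            "UPDATE filesystem_acltemplate "
            "SET acltemplate_comment = ? "
            "WHERE acltemplate_name = ?",
            template_comment, template_name
        )

    comment = "Template restricting access to local and domain administrators."
    for i in NEW_ENTRIES:
        entry = {
            "acltemplate_name": i['name'],
            "acltemplate_acltype": i['type'],
            # A Python list of dicts cannot be bound to a `?` placeholder as-is;
            # serialise it to JSON text first.
            # NOTE(review): assumes the application reads this column back as
            # plain JSON text -- confirm against the model's column type.
            "acltemplate_acl": json.dumps(i["acl"]),
            "acltemplate_builtin": True,
            "acltemplate_comment": comment,
        }
        # Only the column names from the literal dict above are formatted into
        # the SQL text; every value goes through a placeholder.
        columns = ','.join(entry.keys())
        placeholders = ','.join(['?'] * len(entry))
        conn.execute(
            f"INSERT INTO filesystem_acltemplate ({columns}) VALUES ({placeholders})",
            tuple(entry.values()),
        )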


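def downgrade():
    """Reverse ``upgrade()``.

    Removes the builtin templates that ``upgrade()`` inserted from
    ``NEW_ENTRIES`` and then drops the ``acltemplate_comment`` column.
    Without the delete, the inserted rows would remain after a downgrade and
    a later re-upgrade would insert them a second time.
    """
    conn = op.get_bind()

    # Match on name AND the builtin flag so that only rows of the kind
    # upgrade() created are removed; values are bound, not interpolated.
    for i in NEW_ENTRIES:
        conn.execute(
            "DELETE FROM filesystem_acltemplate "
            "WHERE acltemplate_name = ? AND acltemplate_builtin = ?",
            i['name'], True
        )

    with op.batch_alter_table('filesystem_acltemplate', schema=None) as batch_op:
        batch_op.drop_column('acltemplate_comment')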
